pkgsrc-Changes-HG archive
[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index][Old Index]
[pkgsrc/trunk]: pkgsrc/emulators/wine Security fix for SA16352.
details: https://anonhg.NetBSD.org/pkgsrc/rev/e1069f6cc979
branches: trunk
changeset: 498089:e1069f6cc979
user: salo <salo%pkgsrc.org@localhost>
date: Fri Aug 12 13:57:44 2005 +0000
description:
Security fix for SA16352.
"A vulnerability in wine can be exploited by malicious, local users to
perform certain actions on a vulnerable system with escalated privileges.
The vulnerability is caused due to a temporary file being created
insecurely in "/tmp" by winelauncher.in under certain error conditions.
This can be exploited via symlink attacks to create or overwrite
arbitrary files with the privileges of the user running the affected
application."
http://secunia.com/advisories/16352/
Patch from Wine CVS.
diffstat:
emulators/wine/Makefile | 5 +++--
emulators/wine/distinfo | 3 ++-
emulators/wine/patches/patch-ai | 25 +++++++++++++++++++++++++
3 files changed, 30 insertions(+), 3 deletions(-)
diffs (65 lines):
diff -r 52cdeecdb61a -r e1069f6cc979 emulators/wine/Makefile
--- a/emulators/wine/Makefile Fri Aug 12 13:51:13 2005 +0000
+++ b/emulators/wine/Makefile Fri Aug 12 13:57:44 2005 +0000
@@ -1,7 +1,8 @@
-# $NetBSD: Makefile,v 1.88 2005/07/26 13:24:36 adam Exp $
+# $NetBSD: Makefile,v 1.89 2005/08/12 13:57:44 salo Exp $
DISTNAME= Wine-20050725
PKGNAME= ${DISTNAME:S/W/w/}
+PKGREVISION= 1
CATEGORIES= emulators
MASTER_SITES= ${MASTER_SITE_SOURCEFORGE:=wine/} \
http://www.ibiblio.org/pub/Linux/ALPHA/wine/development/ \
@@ -20,7 +21,7 @@
WRKSRC= ${WRKDIR}/${DISTNAME:S/W/w/}
USE_LIBTOOL= yes
-USE_TOOLS+= bison gmake
+USE_TOOLS+= bison gmake mktemp
GNU_CONFIGURE= yes
CONFIGURE_ARGS+= --without-curses --disable-trace --disable-debug
CONFIGURE_ENV+= ac_cv_path_ARTSCCONFIG=${TRUE}
diff -r 52cdeecdb61a -r e1069f6cc979 emulators/wine/distinfo
--- a/emulators/wine/distinfo Fri Aug 12 13:51:13 2005 +0000
+++ b/emulators/wine/distinfo Fri Aug 12 13:57:44 2005 +0000
@@ -1,4 +1,4 @@
-$NetBSD: distinfo,v 1.34 2005/07/26 13:24:36 adam Exp $
+$NetBSD: distinfo,v 1.35 2005/08/12 13:57:44 salo Exp $
SHA1 (Wine-20050725.tar.gz) = dfda93cc903b9ad9eeab076e9fbdbbb09ca59c49
RMD160 (Wine-20050725.tar.gz) = a86fda53cf9c3a36ab3bf42ecb66740bdcbe3174
@@ -11,3 +11,4 @@
SHA1 (patch-af) = a8eb0a12b990ce5431498bff51bd2ad6a0b9d7b8
SHA1 (patch-ag) = 656f9667da542489595d1db65c84579b3dfce279
SHA1 (patch-ah) = 9be209efc28693b98354624af96e81b64d2fbc6c
+SHA1 (patch-ai) = 3d154e96464192cc3c8c0f428d0fe518ec7e1d8c
diff -r 52cdeecdb61a -r e1069f6cc979 emulators/wine/patches/patch-ai
--- /dev/null Thu Jan 01 00:00:00 1970 +0000
+++ b/emulators/wine/patches/patch-ai Fri Aug 12 13:57:44 2005 +0000
@@ -0,0 +1,25 @@
+$NetBSD: patch-ai,v 1.5 2005/08/12 13:57:44 salo Exp $
+
+Fix for SA16352, from Wine CVS.
+
+--- programs/winelauncher.in.orig 2004-06-22 01:56:15.000000000 +0200
++++ programs/winelauncher.in 2005-08-12 15:11:18.000000000 +0200
+@@ -59,8 +59,8 @@
+ if [ $? -ne 0 ] ; then
+ # xmessage not found; make sure the user notices this error
+ # (GUI users wouldn't even notice if we printed the text on console !)
+- MSGFILE=/tmp/WINE_CANNOT_FIND_XMESSAGE
+- cat > $MSGFILE << EOF
++ MSGFILE=`mktemp "/tmp/wine.xmessage.XXXXXX"`
++ cat > $MSGFILE <<EOF
+ Warning:
+ The Wine launcher is unable to find the xmessage program,
+ which it needs to properly notify you of Wine execution status
+@@ -87,6 +87,7 @@
+
+ # ok, we really give up now, this system is hosed ;-)
+ cat $MSGFILE
++ rm $MSGFILE
+ else
+ XMESSAGE="xmessage $COLOR"
+ fi
Home |
Main Index |
Thread Index |
Old Index